Uploaded image for project: 'Product Roadmaps'
  1. Product Roadmaps
  2. MMF-724

Quality Profiles should belong to organizations



    • Type: MMF
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Labels:



      With SonarQube 6.3, users create organizations in which they can:

      • Analyse projects
      • Manage the org permissions to know who can administer, who can create projects, who can push analyses
      • Manage groups and permission templates to simplify the managment of project permissions

      But the most awaited feature on organization is the ability to define your own quality profiles and share them accross the projects of your org.

      Use Cases

      Note: as usual, we're describing here the behaviour for the "Cloud" mode and we expect the "OnPrem" mode to keep on working the same way

      As a SQ.com user who is the administration of a given organization, I expect to:

      1. Go to "Administration > Permissions" page on the org
      2. See the "Administer Quality Profiles" permission
      3. Be able to define which user or which group has the right to manage QP on this org

      As a SQ.com user who has the right to administer QP on an org, I expect to:

      1. Go to the "Quality Profiles" page on the org
      2. On this "Quality Profiles" page, have the ability to do all I can normally do on this page when I'm "OnPrem" - but obviously all scoped to the current org:
        • When I create or copy a QP, it is created or copied in the org
        • When I delete a QP, only the one of the current org is deleted even if other QP in other orgs have the same name
        • When I compare a QP, only QP of the org are suggested
          • Maybe later we could allow to compare with QP of other orgs - but it's out of scope for this MMF
        • When I set a QP as default, it does not impact default QP of other orgs
        • When I restore built-in profiles, only those of the org are restored
        • When I want to activate more rules on a QP, I jump to the "Rules" page of that org
      3. On the "Rules" page, I expect to also have the ability to do all I can normally do on this page when I'm "OnPrem" - but obviously all scoped to the current org:
        • See the distribution of rules per QP of the org only ("Quality Profile" facet)
        • When I activate a rule (1 by 1 or bulk), I expect to be able to do that only on the QP of the org
        • As a consequence, on the detail of a rule, in the "Quality Profiles" section, I expect to see only QP of my org
        • On the detail of a rule, I expect to see issues found (for that rule) only on projects of the current org
          • And when I click on the number of issues on a project, I expect to go to the "Issues" project page
          • And for the total number of issues, it's not a problem if it's not clickable

      As a SQ.com user who doesn't have the right to administer QP on an org, I expect to:

      • At org level:
        • see the quality profiles of the given org if I go to "Quality Profiles", and see the details but can't do any modification
        • see the "Rules" page of that org, but can't do any modification on that page
      • At project level:
        • When I click on the quality profiles on the project home page (on the right), I expect to go to the correct QP of the current org
        • If I'm project administrator of that project, when I go to "Administration > Quality Profiles", I must be able to choose only quality profiles of the current org
          • And then I expect the analysis done by the SQ Scanner to use the correct profile (and not the profile from another org or from the default org)


      To be able to move forward, this MMF will have the following limitations:

      • Rules can not be customized on the non-default organization
        • Tags, rule extension and remediation function are only updatable on the default org
        • Will be fixed with MMF-838
      • Custom Rules won't be supported on organization (but still on premise)
        • At least in this version 6.4
        • Reason: for simplicity, rules are cross-organization so no org key on this table

      Open questions

      To decide:

      • Should we take the opportunity to make built-in "Sonar way" quality profiles "read-only" and updated with plugin upgrades?
        • Rationale is: if we don't do that, there will quickly be a fragmentation of users using the most up-to-date rules and users remaining on a "old" set of rules, which can bring confusion (think also about a user who's been working on his personal org for a while and creates a new one with up-to-date "Sonar way")
        • Note that this topic is one of the options listed in “MMF-324: Highlight built-in "Sonar way" profiles" - so maybe this MMF could make its way in 6.5

      Nice to have:

      • Should we add a way to make a QP private when you have private projects?
        • Could be interesting for companies who will have only private projects and who don't want to unveil the level of quality that they do expect for their developments
        • Note that there's the same question for member list (MMF-725) - which can lead to have a private vs. public org feature (TBD)
        • => This can be addressed later on in a dedicated MMF about visibility of an organization


          Issue Links



              fabrice.bellingard Fabrice Bellingard
              fabrice.bellingard Fabrice Bellingard
              0 Vote for this issue
              1 Start watching this issue